December 23, 2008

PCI Compliance Does Not Equal Security

Growing number of firms report hacker attacks after adhering to PCI Compliance regulations

PCI compliance is like a driver's license - it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it's in compliance.

–	Linda McGlasson, Managing Editor BankInfo Security

An article about the top 10 security breaches of 2008, cited that 2 out of the 10 breaches were done to companies who were in compliance with PCI regulations.

Both Maine-based Hannaford Brothers grocery store chain and ski resort Okemo were hit by hackers that installed malicious software on their Websites to capture credit card data. And at the time of both attacks, the companies were PCI compliant. These firms now share company with the likes of Forever 21 – a retail clothing company – that was victim to a similar attack back in October.

I liked how the author summarized PCI compliance:

Lesson Learned: PCI compliance is like a driver's license -- it may mean that a retailer has passed the test for compliance, but doesn't necessarily mean it is in compliance.

At the risk of sounding redundant, we will stress again, that companies must do more that just attain PCI compliance. They must constantly test and re-test their Websites for the latest vulnerability threats, as 400 new ones emerge every month.

by
Erin Swanson
Eswanson@cenzic.com


	Top 10 Security Breaches of 2008
	Ghost of Christmas Past (TJX) Still Casts Specter on Present and Future
	http://www.bankinfosecurity.com/articles.php?art_id=1120&opg=1

	Why Do Bad Things Happen to PCI-Compliant Companies?
	PCI DSS compliance does not equal security
	http://linuxinsider.com/story/security/64926.html

Topic Tags: pci compliance

by Erin Swanson

↑top

link to this

Post a Comment

Title:

Summary:

Comment:

Links:

Your info:

Name:		Required; will be displayed with comment.
E-mail:		Required (in case we need to contact you); will NOT be displayed with comment.
Web:		Optional; will use to hyperlink your name in the comment.
Twitter:		Optional; allows visitors to follow you on Twitter.
Save this in my browser

Verification:

Type the characters you see in the picture above.

Letters are case sensitive.

Notice: Your thoughtful opinions are valued and encouraged, but all comments are moderated so there will be a delay between the time you post your comment and when it appears in this site. Please don't be offended if your comment is edited for clarity or to avoid questionable matters. Offensive or off-topic comments will be deleted.